Guest-controlled out-of-bounds read/write on x86_64 in wasmtime
CVE-2023-26489

10CRITICAL

Key Information:

Vendor

Bytecodealliance

Status
Wasmtime
Vendor
CVE Published:
8 March 2023

What is CVE-2023-26489?

The Wasmtime runtime for WebAssembly contains a vulnerability in its Cranelift code generator on x86_64 targets. The bug results from an incorrect computation of the effective address during load/store operations, allowing memory access up to 34GB away from the base of linear memory. This exploit could enable a malicious WebAssembly module to read or write memory belonging to other instances, potentially leading to intrusions into sensitive data spaces. Users are encouraged to update to patched versions or implement workarounds to ensure memory access is correctly bounded, as notable performance impacts may result from these configurations.

Affected Version(s)

wasmtime cranelift-codegen: >= 0.84.0, < 0.91.1 < cranelift-codegen: 0.84.0, 0.91.1

wasmtime cranelift-codegen: >= 0.92.0, < 0.92.1 < cranelift-codegen: 0.92.0, 0.92.1

wasmtime cranelift-codegen: >= 0.93.0, < 0.93.1 < cranelift-codegen: 0.93.0, 0.93.1

References

https://github.com/bytecodealliance/wasmtime/security/adv...
x_refsource_CONFIRM
https://github.com/bytecodealliance/wasmtime/commit/63fb3...
x_refsource_MISC
https://docs.rs/wasmtime/latest/wasmtime/struct.Config.ht...
x_refsource_MISC

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.